MRTG -- the Multi Router Traffic Grapher

A functional overview of the Multi Router Graphing Tool (MRTG) using 8 virtual Cisco Routers and one virtual Linux router.

MRTG is a tool to automate collection and presentation of router -- or any network device -- interface utilization.  It uses SNMP to query interfaces for name, configuration and performance information, creates log files and graph images and organizes them as web pages.  MRTG development commenced in 1994 and has been available since the mid 1990's.  It has a long history of reliable performance and has been improved over the years; the author has used it since approximately 2000 and has not experienced significant problems (at least ones that weren't his own fault).

There are several important components to understand:

1. The cfgmaker command line data collection configuration utility
2. Log and image files and resulting per host-interface web pages
3. The indexmaker command line index web page configuration utility

MRTG CFGMAKER

MRTG provides a command line tool -- cfgmaker -- that automates walking target MIBs and preparing the MRTG configuration file.  The bulk of what cfgmaker searches is in the iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry MIB (1.3.6.1.2.1.2.2.1).  The shorthand way to address interface SNMP information is to invoke IF-MIB::<value> at the command line.  For instance,

snmpwalk -v 2c -c public <host> IF-MIB::ifIndex

The cfgmaker command also is capable of addressing a limited number of other proprietary MIBs, which we will see below.

For this example, the following command is used:

$cfgmaker --no-down --show-op-down --ifdesc=descr,ip public@cou-gateway public@7206_COU_01 public@7206_PHL_01 public@7206_PIT_01 public@7206_HBG_01 public@3640_WEL_01 public@3745PHL_01 public@2691_ALT_01 public@3725_YRK_01 --output /etc/mrtg/mrtg.cfg

where:

--no-down and --show-op-down:  includes operationally and administratively down interfaces in the configuration and does not comment them out.--ifdesc=descr,ip:  uses the SNMP ifDescr or IP address as the MRTG Interface description.<community>@host ... : SNMP Community@Host Name combination for a list of hosts.--output /etc/mrtg/mrtg.cfg: Write the output to the specified file.

As the command processes, it outputs information to the terminal:

--base: Get Device Info on public@3725_YRK_01:--base: Vendor Id: cisco--base: Populating confcache--base: Get Interface Info
--base: Walking ifIndex--snpd:   public@3725_YRK_01: -> 1 -> ifIndex = 1--snpd:   public@3725_YRK_01: -> 2 -> ifIndex = 2--snpd:   public@3725_YRK_01: -> 3 -> ifIndex = 3...--snpd:   public@3725_YRK_01: -> 22 -> ifIndex = 22
--base: Walking ifType--snpd:   public@3725_YRK_01: -> 1 -> ifType = 6--snpd:   public@3725_YRK_01: -> 2 -> ifType = 22--snpd:   public@3725_YRK_01: -> 3 -> ifType = 6...--snpd:   public@3725_YRK_01: -> 22 -> ifType = 6
--base: Walking ifAdminStatus--snpd:   public@3725_YRK_01: -> 1 -> ifAdminStatus = 2--snpd:   public@3725_YRK_01: -> 2 -> ifAdminStatus = 1--snpd:   public@3725_YRK_01: -> 3 -> ifAdminStatus = 2...--snpd:   public@3725_YRK_01: -> 22 -> ifAdminStatus = 2
--base: Walking ifOperStatus--snpd:   public@3725_YRK_01: -> 1 -> ifOperStatus = 2--snpd:   public@3725_YRK_01: -> 2 -> ifOperStatus = 1--snpd:   public@3725_YRK_01: -> 3 -> ifOperStatus = 2...--snpd:   public@3725_YRK_01: -> 22 -> ifOperStatus = 2
--base: Walking ifMtu--snpd:   public@3725_YRK_01: -> 1 -> ifMtu = 1500--snpd:   public@3725_YRK_01: -> 2 -> ifMtu = 1500--snpd:   public@3725_YRK_01: -> 3 -> ifMtu = 1500...--snpd:   public@3725_YRK_01: -> 22 -> ifMtu = 1500
--base: Walking ifAlias--snpd:   public@3725_YRK_01: -> 1 -> ifAlias =
--snpd:   public@3725_YRK_01: -> 2 -> ifAlias =
--snpd:   public@3725_YRK_01: -> 3 -> ifAlias =
...--snpd:   public@3725_YRK_01: -> 22 -> ifAlias =

--base: Walking vmVlan--snpd:   public@3725_YRK_01: -> 5 -> vmVlan = 1--snpd:   public@3725_YRK_01: -> 6 -> vmVlan = 1--snpd:   public@3725_YRK_01: -> 7 -> vmVlan = 1...--snpd:   public@3725_YRK_01: -> 20 -> vmVlan = 1
--base: Walking vlanTrunkPortDynamicStatus--base: Walking ifSpeed--snpd:   public@3725_YRK_01: -> 1 -> ifSpeed = 10000000--snpd:   public@3725_YRK_01: -> 2 -> ifSpeed = 1544000--snpd:   public@3725_YRK_01: -> 3 -> ifSpeed = 10000000...--snpd:   public@3725_YRK_01: -> 22 -> ifSpeed = 100000000
--base: Writing mrtg.cfg

The first step cfgmaker performs is walking ifIndex.  This returns a unique value (in this case 1 through 22) assigned to each network interface -- ifIndex.# = #.  This value is important because it is then passed to subsequent snmpwalk commands to generate interface-specific values for the MRTG configuration file.  It then uses sequential snmpget commands to retrieve the type of interface.  These sequential commands are in the format IF-MIB::ifType.# where # begins with 1 and ends with 22.  This returns a numerical value assigned according to SNMP RFCs:

other (1)
regular1822 (2)
hdh1822 (3)
ddnX25 (4)
rfc877x25 (5)
ethernetCsmacd (6)
...
basicISDN (20)
primaryISDN (21)
propPointToPointSerial (22)
ppp (23)
...
x86Laps (242)
wwanPP (243)
wwanPP2 (244)

For this router, there are Ethernet (6) and serial (22) interface types.

The cfgmaker process then reads ifAdminStatus.#, ifOperStatus.#, ifMtu.#, ifAlias.#, and ifSpeed.# values in the same format.  The vmVlan walk is a bit different.  This is a Cisco proprietary MIB value (1.3.6.1.4.1.9.9.68.1.2.2.1.2) hard-coded into cfgmaker and is not directly tied to interfaces.  It each entry is keyed to interface ID (ifIndex) in the format vmVlan.ifIndex and the returned value is the VLAN ID.  This only applies to switched ports, in this case a 16-port NM-16ESW card (ifIndex 5 through 20) in the Model 3725 Router chassis.

The process continues for all hosts specified in the host list.

MRTG Cron Job

MRTG may run as a daemon or be called by a cron job.  In the author's experience, it is more reliable running as a 5-minute cron job, /etc/cron.d/mrtg:

0-55/5 * * * * root if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then env LANG=C /usr/bin/mrtg /etc/mrtg.cfg >> /var/log/mrtg/mrtg.log 2>&1; fi

This cron job outputs daily, weekly, monthly and yearly .html pages, .png images and .log log files for each interface, named by host-interface combination.

Log Files

Log files are organized by host-interface pair.  They maintain timestamped interface bandwidth utilization data. The MRTG cron job then uses these data to generate graph images and bandwidth utilization statistics.  These log files automatically rotate, limiting the size maintained.

Image Files

Image files are generated by the MRTG cron job calling rrdtool to create the image from the log files.  They are created for each host-interface pair's daily, weekly, monthly and yearly data.

RRDTool

RRDTool -- as utilized by MRTG -- creates images of data collected by MRTG.  It maintains database files in the .rrd format.

Web pages

The web pages organize each host-interface pair's information, including interface name, address, descriptive data, and daily, weekly, monthly and yearly graphs with current, average and maximum bandwidth utilization.

The Index Page (left) is a summary of the monitored host-interface pairs that provides a daily traffic image.  In this case, it is organized by host (Interfaces of <host name>) and titled by Interface name (interface name - host name). The daily, 5-minute time-weighted image is linked to more detailed interface information: daily, weekly, monthly and yearly graphs and statistics.

MRTG INDEXMAKER

MRTG provides a command line tool -- indexmaker -- that automates generating the static index.html MRTG start page.  This page is a summary of host and interface data that is hyperlinked to more detailed web pages and images described above.  The index.html file used in this article was generated using the command:

$indexmaker /etc/mrtg/mrtg.cfg --output=/var/www/mrtg/index.html --section=title --perhost
where:--output=/var/www/mrtg/index.html: the location and name of the output file.--section=title: Uses titles to delimit sections.--perhost:  organizes sections by host.